Questrade confirms it was subject to DDoS attack

The problems emerged on Friday, with the company reporting a series of issues with its web servers.

Disgruntled traders and a raft of complaints – this is what the team of Canadian brokerage Questrade has been facing since Friday, June 16, 2017, as its customers started reporting of the trading platforms being down and of problems logging in.

The first updates from the broker soon after the issues emerged said that the company was investigating an issue with its web servers. A couple of hours after the issue was supposed to be under control, problems re-emerged again. The Questrade team kept working to resolve the matter.

Late on Friday, the broker said connection was restored to its platforms apart from IQ Edge.

Today, it posted an update about what happened explaining the company was subject to a DDoS attack.

This is what the company said:

“We have completed our investigation and can confirm we were subjected to a DDoS attack Friday. To be clear, this was not a ‘hack’ and no personal information has been compromised. We have taken all available immediate steps to protect against similar future attacks.

We were unable to share more information during the attack, as doing so would reduce the effectiveness of some of our counter measures.

We apologize for the inconvenience this caused, and thank you for your understanding. “

The company’s platforms experienced similar outages earlier this year but today the broker explained that these were not the result of a DDoS attack. Such attacks often happen on Friday or during weekends, as cyber criminals abuse the fact that most staff are off for the weekend and the attack may go unnoticed.

Cyber security has been a serious issue for online trading companies and online payment services. It took more than two months and some serious financial resource for GMO Payment Gateway Inc (TYO:3769) to tackle the consequences of the data breach of two of its client websites. The work of both websites – one run by the Tokyo Metropolitan Government and one run by the Japan Housing Finance Agency was halted on March 10, 2017, several hours after GMO Payment Gateway confirmed unauthorized access to the websites and heavy data leak. The credit card payment site for metropolitan tax operated by the Tokyo Metropolitan Government resumed its work on April 24, 2017. The credit card payment website of the Japan Housing Finance Agency re-opened on June 5, 2017.

“We see and deflect ddos attacks on clients every day. We saw a big one on Friday aimed at a brokerage and we continue to deflect and mitigate it for them.” As internet-distributed malice continues, it is extremely important to improve your brokerage’s security. Here is the full investigation